Mozilla Firefox — свободный браузер на движке Gecko

Релизный цикл, информация об уязвимостях

Продукт: Mozilla Firefox

Вендор: mozilla

График релизов

Недавние уязвимости Mozilla Firefox

Количество 15 501

CVE-2025-8038

7 месяцев назад

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 3.4

EPSS: Низкий

CVE-2025-8031

7 месяцев назад

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 6.1

EPSS: Низкий

CVE-2025-8030

7 месяцев назад

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 6.1

EPSS: Низкий

CVE-2025-8037

7 месяцев назад

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 6.1

EPSS: Низкий

CVE-2025-8036

7 месяцев назад

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

CVSS3: 6.1

EPSS: Низкий

CVE-2025-8027

7 месяцев назад

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-8028

7 месяцев назад

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-8029

7 месяцев назад

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

CVSS3: 6.1

EPSS: Низкий

BDU:2025-09277

7 месяцев назад

Уязвимость браузера Mozilla Firefox операционных систем Android, связанная с нарушением механизма защиты данных, позволяющая нарушителю обойти существующие ограничения безопасности

CVSS3: 4.3

EPSS: Низкий

BDU:2025-10492

7 месяцев назад

Уязвимость браузеров Mozilla Firefox и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2025-8038 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.	CVSS3: 3.4	0% Низкий	7 месяцев назад
CVE-2025-8031 The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 6.1	0% Низкий	7 месяцев назад
CVE-2025-8030 Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 6.1	0% Низкий	7 месяцев назад
CVE-2025-8037 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.	CVSS3: 6.1	0% Низкий	7 месяцев назад
CVE-2025-8036 Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.	CVSS3: 6.1	0% Низкий	7 месяцев назад
CVE-2025-8027 On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 7.5	0% Низкий	7 месяцев назад
CVE-2025-8028 On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 7.5	0% Низкий	7 месяцев назад
CVE-2025-8029 Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.	CVSS3: 6.1	0% Низкий	7 месяцев назад
BDU:2025-09277 Уязвимость браузера Mozilla Firefox операционных систем Android, связанная с нарушением механизма защиты данных, позволяющая нарушителю обойти существующие ограничения безопасности	CVSS3: 4.3	0% Низкий	7 месяцев назад
BDU:2025-10492 Уязвимость браузеров Mozilla Firefox и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 9.8	0% Низкий	7 месяцев назад

Уязвимостей на страницу